Timothy A. S. Davidson
Department of Computer Science
University of Warwick, UKSchool of Computing Science
University of Glasgow, UKDepartment of Computer Science
University of Warwick, UKSchool of Computing Science and
School of Physics and Astronomy
University of Glasgow, UKSimon J. Gay
School of Computing Science
University of Glasgow, UKDepartment of Computer Science
University of Warwick, UKSchool of Computing Science and
School of Physics and Astronomy
University of Glasgow, UKRajagopal Nagarajan
Partially supported by “Process Algebra
Approach to Distributed Quantum Computation and Secure Quantum
Communication”, Australian Research Council Discovery Project
DP110103473.Department of Computer Science
University of Warwick, UKSchool of Computing Science and
School of Physics and Astronomy
University of Glasgow, UKIttoop Vergheese Puthoor
Supported by a Lord Kelvin / Adam
Smith Scholarship from the University of Glasgow.School of Computing Science and
School of Physics and Astronomy
University of Glasgow, UK

Abstract

We describe the use of quantum process calculus to describe and
analyze quantum communication protocols, following the successful
field of formal methods from classical computer science. The
key idea is to define two systems, one modelling a protocol and one
expressing a specification, and prove that they are
behaviourally equivalent. We summarize the necessary theory in
the process calculus CQP, including the crucial result that
equivalence is a congruence, meaning that it is preserved by
embedding in any context. We illustrate the approach by
analyzing two versions of a quantum error correction system.

Quantum process calculus is a generic term for a class of formal
languages with which to describe and analyze the behaviour of systems
that combine quantum and classical computation and communication.
Quantum process calculi have been developed as part of a programme to
transfer ideas from the field of formal methods, well
established within classical computer science, to quantum systems. The
field of formal methods provides theories, methodologies and tools for
verifying the correctness of computing systems, usually systems that
involve concurrent, communicating components. The motivation for
developing quantum formal methods is partly to provide a conceptual
understanding of concurrent, communicating quantum systems, and partly
to support the future development of tools for verifying the
correctness of practical quantum technologies such as cryptosystems.

Our own approach is based on a particular quantum process calculus
called Communicating Quantum Processes (CQP), developed by Gay and
Nagarajan [6]. Recent work on CQP has addressed the
question of defining behavioural equivalence between processes,
which formalizes the idea of observational indistinguishability. The
aim is to support the following methodology for proving correctness of
a system. First, define System, a process that models the
system of interest. Second, define Specification, a simpler
process that directly expresses the desired behaviour of
System. Third, prove that these two processes are
equivalent, meaning indistinguishable by any observer: System≅Specification. This approach works best when the notion
of equivalence is a congruence, meaning that it is preserved by
inclusion in any environment. While there have been several attempts
to define a congruence for a quantum process calculus, the problem has
only recently been solved: for CQP, reported in Davidson’s PhD thesis
[3], and independently for qCCS by Feng et
al.[5].

The present paper begins in Section 2 by reviewing the
language of CQP and illustrating it with a model of a quantum error
correcting code. Section 3 then summarizes the
theory of behavioural equivalence for CQP, which has not previously
been published other than in Davidson’s thesis, and applies it to the
error correcting code. Section 4 analyzes the system
in the presence of errors that cannot be corrected. Finally,
Section 5 concludes with an indication of
directions for future work. The contributions of the paper are the
first publication of the definition of a congruence for CQP, and the
application of CQP congruence to examples beyond the teleportation and
superdense coding systems that have been considered previously.

Related Work

Lalire [11] defined a probabilistic branching
bisimilarity for the process calculus QPAlg, based on the branching
bisimilarity of van Glabbeek and Weijland [10], but it
was not preserved by parallel composition.
Feng et al. [4] developed qCCS and defined strong and
weak probabilistic bisimilarity. Their equivalences are preserved by
parallel composition with processes that do not change the quantum
context. A later version of qCCS [18] excluded classical
information and introduced the notion of approximate bisimilarity as a
way of quantifying differences in purely quantum process behaviour.
Their strong reduction-bisimilarity is a congruence is not sufficient
for the analysis of most interesting quantum protocols, as the
language does not include a full treatment of measurement. In recent
work, Feng et al. [5] define a new version of qCCS and
prove that weak bisimilarity is a congruence. They apply their result
to quantum teleportation and superdense coding. The details of their
equivalence relation are different from our full probabilistic
branching bisimilarity, and a thorough comparison awaits further work.

The work presented in this paper contrasts with previous work on
model-checking quantum systems. The QMC (Quantum Model-Checker) system
[8, 9] is able to verify that a quantum protocol
satisfies a specification expressed in a quantum logic, by
exhaustively simulating every branch of its behaviour. The use of
logical formulae is known as property-oriented specification,
in distinction to the process-oriented specifications
considered in the present paper. Because of the need for efficient
simulation, QMC uses the stabilizer formalism [2] and is
limited to Clifford group operations. Nevertheless, this is sufficient
for the analysis of a simple error correcting code, and such an
analysis appears in [9]. There are two main advantages of
the process calculus approach. First, because we are using
pen-and-paper reasoning rather than computational simulation, there is
no restriction to stabilizer states. Second, the fact that equivalence
is a congruence means that we can use equational reasoning to deduce
further equivalences, whereas in the model-checking approach we only
obtain the particular fact that is checked. The disadvantage of the
process calculus approach is that, unlike the situation for classical
process calculus, equivalence-checking has not yet been automated.

CQP [6] is a process calculus for formally defining the
structure and behaviour of systems that combine quantum and classical
communication and computation. It is based on pi-calculus
[13, 14], with the addition of primitive
operations for quantum information processing. The general picture is
that a system consists of a number of independent components, or
processes, which can communicate by sending data along
channels. In particular, qubits can be transmitted on channels.
One of the distinctive features of CQP is its type system, which
ensures that operations can only be applied to data of the appropriate
type. The type system is also used to enforce the view of qubits as
physical resources, each of which has a unique owning process at any
given time. If a qubit is send from A to B, then ownership is
transferred and A can no longer access it. Although typing is
important, we will not discuss it in detail in the present paper;
however, our CQP definitions will include type information because it
usually forms useful documentation. Also, in the present paper, we
will not give a full formal definition of the CQP language. Instead,
in the next section, we will explain it informally in relation to our
first model of a quantum error correction system.

2.1 Error Correction: A First Model

Our model of a quantum error correction system consists of three
processes: Alice, Bob and Noise. Alice wants to send a
qubit to Bob over a noisy channel, represented by Noise. She
uses a simple error correcting code based on threefold repetition
[15, Chapter 10]. This code is able to correct a single
bit-flip error in each block of three transmitted qubits, so for the
purpose of this example, in each block of three qubits, Noise
either applies X to one of them or does nothing. Bob uses the
appropriate decoding procedure to recover Alice’s original qubit.
The CQP definition of Alice is as follows.

Alice is parameterized by two channels, a and b. In order to
give Alice a general definition independent of the qubit to be
sent to Bob, she will receive the qubit on channel a. The type
of a is ˆ[Qbit], which is the type of a channel on which
each message is a qubit. Channel b is where Alice sends the
encoded qubits. Each message on b consists of three qubits, as
indicated by the type ˆ[Qbit,Qbit,Qbit].

The right hand side of the definition specifies Alice’s
behaviour. The first term, (qbity,z), allocates two fresh qubits,
each in state |0⟩, and gives them the local names y and
z. Then follows a sequence of terms separated by dots. This
indicates temporal sequencing, from left to
right. a?[x:Qbit] specifies that a qubit is received
from channel a and given the local name x. The term
{x,z∗=CNot} specifies that the CNot
operation is applied to qubits x and z; the next term is
similar. These operations implement the threefold repetition code: if
the intial state of x is |0⟩ (respectively, |1⟩) then
the state of x,y,z becomes |000⟩ (respectively,
|111⟩). In general, of course, the initial state of x may be a
superposition, and then so will be the final state of
x,y,z. Finally, the term b![x,y,z] means that the qubits
x,y,z are sent as a message on channel b. The term 0 simply
indicates termination.

We model a noisy quantum channel by the process Noise, which
receives three qubits from channel b (connected to Alice) and
sends three (possibly corrupted) qubits on channel c (connected to
Bob). Noise has four possible actions: do nothing, or apply
X to one of the three qubits. These actions are chosen with equal
probability. We produce probabilistic behaviour by introducing fresh
qubits in state |0⟩, applying H to put them into state
1√2(|0⟩+|1⟩), and then measuring in the
standard basis. The definition of Noise is split into two
sub-processes, of which the first, NoiseRnd, produces two
random classical bits and sends them to the second, NoiseErr, on
channel p. This programming style, using internal messages instead
of assignment to variables, is typical of pi-calculus.

Misplaced &

The process NoiseErr receives three qubits from channel b, and
two classical bits from channel p. It interprets the classical bits,
locally named j and k, as instructions for corrupting the
qubits. This uses appropriate Boolean combinations of j
and k to construct conditional quantum operations such as
Xj¯¯¯k.

The complete Noise process consists of NoiseRnd and
NoiseErr in parallel, indicated by the vertical bar. Channel p
is designated as a private local channel; this is specified by
(newp). This construct comes from pi-calculus, where it can be used to
dynamically create fresh channels, but here we are using it in the
style of older process calculi such as CCS, to indicate a channel with
restricted scope. Putting NoiseRnd and
NoiseErr in parallel means that the output on p in NoiseRnd
synchronizes with the input on p in NoiseErr, so that data is
transferred.

Bob consists of BobRec and BobCorr, where BobRec
receives the qubits and measures the error syndrome, and BobCorr
applies the appropriate correction. An internal channel p is used to
transmit the result of the measurement, as well as the original
qubits, again in pi-calculus style. After correcting the error in the
group of three qubits, BobCorr reconstructs a quantum state in
which qubit x has the original state received by Alice and is
separable from the auxiliary qubits. Finally, BobCorr outputs x
on channel d.

The overall effect of the error correcting system is to input a qubit
from channel a and output a qubit, in the same state, on channel
d, in the presence of noise. The complete system is defined as
follows.

QECC(a:ˆ[Qbit],d:ˆ[Qbit])=(newb,c)(Alice(a,b)∣Noise(b,c)∣Bob(c,d))

When we consider correctness of the error correction system, we will
prove that QECC is equivalent to the following identity
process, which by definition transmits a single qubit faithfully.

Identity(a:ˆ[Qbit],d:ˆ[Qbit])=a?[x:Qbit].d![x].0

2.2 Semantics of CQP

The intended behaviour of the processes in the error correction system
was described informally in the previous section, but in fact the
behaviour is precisely specified by the formal semantics of CQP. In
this section we will explain the formal semantics, although without
giving all of the definitions. Full details can be found in Davidson’s
PhD thesis [3].

In classical process calculus, the semantics is defined by labelled
transitions between syntactic process terms. For example, a process of
the form c![2].P, where P is some continuation process,
has the transition

c![2].P\lx@stackrelc![2]⟶P.

(1)

The label c![2] indicates the potential interaction of the
process with the environment. In order for this potential interaction
to become an actual step in the behaviour of a system, there would
have to be another process, ready to receive on channel c. A
suitable process is c?[x].Q, where Q is some continuation
process. The labelled transition representing the potential input is

c?[x].Q\lx@stackrelc?[v]⟶Q{v/x}.

(2)

Here v stands for any possible input value, and Q{v/x}
means Q with the value v substituted for the variable x. If
these two processes are put in parallel then each has a partner for
its potential interaction, and the input and output can synchronize,
resulting in a τ transition which represents a single step of
behaviour:

c![2].P∣c?[x].Q\lx@stackrelτ⟶P∣Q{2/x}.

The complete definition of the semantics takes the form of a
collection of labelled transition rules. Transition
(1) becomes a general rule for output if the value 2 is
replaced by a general value v. Transition (2) is a
general rule for input. The interaction between input and output is
defined by the rule

which specifies that if the transitions above the line (hypotheses)
are possible then so is the transition below the line (conclusion).
Full details of this style of semantics, in relation to pi-calculus,
can be found in [13, 16].

To define the semantics of a quantum process calculus such as CQP, we
need to include a representation of the quantum state. Because of
entanglement, the quantum state is a global property. It also turns
out to be necessary to specify which qubits in the global quantum
state are owned by (i.e. accessible to) the process term under
consideration. We work with configurations such as

([q,r↦1√2(|00⟩+|11⟩)];q;c![q].P).

(3)

This configuration means that the global quantum state consists of two
qubits, q and r, in the specified state; that the process term
under consideration has
access to qubit q but not to qubit r ; and that the process itself
is c![q].P. Now consider a configuration
with the same quantum state but a different process term:

([q,r↦1√2(|00⟩+|11⟩)];r;d![r].Q).

The parallel composition of these configurations is the following:

([q,r↦1√2(|00⟩+|11⟩)];q,r;c![q].P∣d![r].Q)

where the quantum state is still the same.

The semantics of CQP consists of labelled transitions between
configurations, which are defined in a similar way to classical
process calculus. For example, configuration (3)
has the transition

The quantum state is not changed by this transition,
but because qubit q is output, the continuation process P no
longer has access to it; the final configuration has an empty list of
owned qubits.

Previous papers on CQP [6, 7] defined the semantics
in a different style. Instead of labelled transitions there were
reductions, corresponding to τ transitions, and these were
defined directly. However, although reduction semantics allows the
behaviour of a complete system to be defined, labelled transitions and
their interpretation as potential interactions are necessary in
order to define equivalence between processes, which is the focus of
the present paper.

As well as the different style of definition used in previous work,
there is a very significant difference in the way that the semantics
treats quantum measurement. In the original reduction semantics of
CQP, a measurement leads to a probability distribution over
configurations, which at the next step reduces probabilistically to
one particular configuration. But in order for equivalence of
processes to have the crucial property of congruence, the
semantics must incorporate a more sophisticated analysis of
measurement, in which mixed configurations play an essential
role.

If the result of a quantum measurement is not made available to an
observer then the system is considered to be in a mixed
state, but it is not sufficient to simply write a mixed quantum
state in a configuration. In general the mixture includes the
process term, because the measurement result occurs within the
term.

Example 1

This transition represents the effect of a measurement, within a
process which is going to output the result of the measurement; the
output, however, is not part of the transition, which is why it is a
τ transition and the process term on the right still contains
c![]. The configuration on the left is a pure
configuration, as described before. On the right we have a
mixed configuration in which the ⊕ ranges over the
possible outcomes of the measurement and the |αi|2 are the weights of
the components in the mixture. The quantum state
[q↦|i⟩] corresponds to the measurement outcome. The
expression λx∙c![x].P is not a λ-calculus
function, but represents the fact that the components of the mixed
configuration have the same process structure and differ only in the
values corresponding to measurement outcomes. The final term in the
configuration, i, shows how the abstracted variable x should be
instantiated in each component. Thus the λx represents a term
into which expressions may be substituted, which is the reason for the
λ notation. So the mixed configuration
is essentially an abbreviation of

|α0|2([q↦|0⟩];q;c![0].P{0/x})⊕|α1|2([q↦|1⟩];q;c![1].P{1/x}).

If a measurement outcome is output then it becomes apparent to an
observer which of the possible states the system is in. This is
represented by probabilistic branching, after which we consider that
system to be in one branch or the other — it is no longer a mixture
of the two. Example 2 shows the effect of the output
from the final configuration of Example 1. The
output transition produces the intermediate configuration, which is a
probability distribution over pure configurations (in contrast to a
mixed configuration; note the change from ⊕ to
⊞). Because it comes from a mixed configuration, the output
transition contains a set of possible values.
From the intermediate configuration there are two possible
probabilistic transitions, of which one is shown (\lx@stackrel|α0|2⇝).

Example 2

Measurement outcomes may be communicated between processes without
creating a probability distribution. In these cases an observer must
still consider the system to be in a mixed configuration. In
Example 3 there is a mixed configuration on
the left, with arbitrary weights gi, which we imagine to have been
produced by a measurement. However, there is now a receiver for the
output. Although there is no difference in process Q between the two
components of the mixed configuration, we include it in the λ
because the communication will propagate the different possible values
for x to Q.

Example 3

The full definition of the labelled transition semantics covers more
complex possibilities. For example, if incomplete information about a
measurement is revealed, the resulting configuration is in general a
probability distribution over mixed configurations. The aspects of the
semantics that are relevant to the present paper will be illustrated
further in relation to the error correction example. Now we
define some notation.

There are two types of transition: probabilistic transitions which
take the form ⊞ipisi\lx@stackrelpi⇝si where ∀i.(pi<1), and non-deterministic transitions which have the general
form s\lx@stackrelα⟶⊞ipisi where ∀i.(pi≤1) and α is an action. The notation ⊞ipisi≡p1∙s1⊞⋯⊞pn∙sn
denotes a probability distribution over configurations in which
∑ipi=1. If there is only a single configuration (with
probability 1) we omit the probability, for example s\lx@stackrelα⟶s′.

The separation of probabilistic and non-deterministic transitions
avoids the need to consider non-deterministic and probabilistic
transitions from the same configuration. The relations
\lx@stackrelα⟶ and \lx@stackrelπ⇝ induce a partition of the
set
S of configurations into non-deterministic configurations Sn and
probabilistic configurations Sp: let Sp={s∈S|∃π∈(0,1],∃t∈S,s\lx@stackrelπ⇝t};
and let Sn=S∖Sp. By this definition a
configuration with no transitions belongs to Sn. This notation
will be used in Section 3.

2.3 Execution of QECC

We show the interesting steps in one possible execution of QECC,
omitting the new declarations from the process terms to reduce
clutter. The semantics of CQP is non-deterministic, so transitions can
proceed in a different order; the order shown here is chosen for
presentational convenience. The initial configuration is
(∅;∅;Alice∣Noise∣Bob).
In the first few steps, the processes execute qbit terms,
constructing a global quantum state:

([y,z,u,v,s,t↦|000000⟩];y,z,u,v,s,t;Alice′∣Noise′∣Bob′)

Alice receives qubit x, in state α|0⟩+β|1⟩,
from the environment, via transition \lx@stackrela?[x]⟶, which
expands the quantum state. We now abbreviate the list of qubits to
˜q=x,y,z,u,v,s,t. After some τ transitions corresponding to Alice’s
CNot operations, we have:

([˜q↦α|0000000⟩+β|1110000⟩];˜q;b![x,y,z].0∣Noise′∣Bob′)

Noise′=NoiseErr∣NoiseRnd′ (NoiseRnd′ has
already done its qbit). The output on b interacts with
the input on b in NoiseErr. Meanwhile, the measurements in
NoiseRnd produce a mixed configuration because the results are
communicated internally, to NoiseErr:

The remaining transitions operate within the mixed configuration. In
each component of the mixture, the measurement of s,t by BobRec
has a deterministic outcome, so no further mixedness is
introduced. Eventually we have a mixed configuration in which the
process term is the same, d![x].0, in every component,
so we can just consider the mixed state, which is

⊕j,k∈{0,1}14[x,y,z,u,v,s,t↦α|000jkjk⟩+β|100jkjk⟩].

The mixture over j,k is the residue of the random choice made by
NoiseRnd, and the dependence of s and t on j,k is because
BobRec’s measurement recovers the values of j and k (which is
what allows the error to be corrected). In this final mixed state, the
reduced density matrix of x, which is what we are interested in when
x is output, is the same as the original density matrix of x.

The process calculus approach to verification is to define a process
System which models the system of interest, another process
Spec which expresses the specification that System
should satisfy, and then prove that System and
Spec are equivalent. Usually Spec is defined in a
sufficiently simple way that it can be taken as self-evident that it
accurately represents the desired specification.

What do we mean by equivalent? The idea is that two processes
are equivalent if their behaviour is indistinguishable by an observer.
That is, if they do the same thing in the same circumstances.
Equivalence relations in this style are generically called
behavioural equivalences. Suppose that ≅ is an
equivalence relation on processes. The ideal situation is for ≅
to have a further property called congruence, which means that
it is preserved by all of the constructs of the process calculus. A
convenient way to express this property involves the notion of a
process contextC[]. This is a process term containing a
hole, represented by [], into which a process term may be
placed. For example, c?[x].[] is a context, and putting the
process d![x].0 into the hole results in the process
c?[x].d![x].0.

Definition 1

An equivalence relation ≅ on processes is a congruence if

∀P,Q.P≅Q⇒∀C[].C[P]≅C[Q].

This definition of congruence corresponds to the idea that observers
are themselves expressed as processes. Congruence, in addition to the
property of being an equivalence relation, is what is required in
order to allow equational reasoning about equivalence of processes. It
means that if a system satisfies its specification, then it continues
to satisfy its specification no matter what environment it is placed
in.

From the beginning of the study of quantum process calculus, the aim
was to define a behavioural equivalence with the congruence property.
This was not straightforward and took several years to achieve; Lalire
[11] describes an unsuccessful attempt. Recently the
congruence problem has been solved by the first three authors of the
present paper [3] for CQP and, independently, by
Feng et al.[5] for qCCS.

We will now present the concept of bisimilarity, which is the
main approach to behavioural equivalence, and then define a particular
form of bisimilarity, called probabilistic branching
bisimilarity, which is a congruence for CQP.

3.1 Strong Bisimilarity

The basic idea of bisimilarity is that if two processes are equivalent
then any labelled transition by one can be matched by the other, and
the resulting processes are again equivalent. It is worth presenting
the definition of the prototypical example, strong bisimilarity[12], as a model for later definitions. The most general setting
for the definition is to consider a labelled transition system,
which consists of a set of states and a three-place relation on
States×Labels×States, written
s\lx@stackrelα⟶t. A labelled transition system can be regarded as a
labelled directed graph whose vertices are the states. We will
consider relations on the set of states. The definition of strong
bisimilarity proceeds in two stages. First we define the property of
strong bisimulation, which a particular relation might or might
not have.

Definition 2 (Strong Bisimulation)

A relation R is a strong bisimulation if whenever
(P,Q)∈R then for all labels α, both

if P\lx@stackrelα⟶P′ then Q\lx@stackrelα⟶Q′ and (P′,Q′)∈R, and

if Q\lx@stackrelα⟶Q′ then P\lx@stackrelα⟶P′ and (P′,Q′)∈R.

For a given labelled transition system there are many relations that
have the property of strong bisimulation, including (trivially) the
empty relation. The key idea is to define
strong bisimilarity to be the union of all strong
bisimulations, or equivalently the largest strong bisimulation.
In other words, P and Q are strong bisimilar (denoted P∼Q) if
and only if there exists a bisimulation R such that (P,Q)∈R.

3.2 Probabilistic Branching Bisimilarity

One of the characteristics of strong bisimilarity is that it is a
stronger relation than trace equivalence; it is possible for two
processes to generate the same sequences of labels, but not be strong
bisimilar. Strong bisimilarity depends on the branching structure of
the processes as well as on their sequences of labels. Another
characteristic is that every transition must be matched
exactly, including τ transitions. However, because they arise
from internal communications, it is often undesirable to insist that
equivalent processes must match each other’s τ transitions. Hence
weaker variations of bisimilarity have been defined, including
weak bisimilarity[12], which ignores τ
transitions, and branching bisimilarity[10],
which reduces the significance of τ transitions but retains
information about their branching structure.

When considering equivalences for quantum process calculus, it is
necessary to take probability into account; even with the treatment of
mixed configurations described in Section 2, there is
probabilistic behaviour when measurement results are revealed to the
observer. There are several varieties of probabilistic bisimilarity
for classical probabilistic process calculi, including
probabilistic branching bisimilarity[17]. The equivalence
for CQP defined by Davidson [3], which turns out to be a
congruence, is a form of probabilistic branching bisimilarity, adapted
to the situation in which probabilistic behaviour comes from quantum
measurement. A key point is that when considering matching of input or
output transitions involving qubits, it is the reduced density
matrices of the transmitted qubits that are required to be equal.

Although we did not present the full definition of the labelled
transition semantics for CQP, we will now define probabilistic
branching bisimilarity in full. In Section 3.4, the definition will
be applied to the error correction example. The
definitions in the remainder of this section are from Davidson’s
thesis [3].

Notation: Let \lx@stackrelτ⟶+ denote zero
or one τ transitions; let \lx@stackrel⟹ denote zero or more τ
transitions; and let \lx@stackrelα⟹ be equivalent to \lx@stackrel⟹\lx@stackrelα⟶\lx@stackrel⟹. We write ˜q for a list of
qubit names, and similarly for other lists.

Definition 3 (Density Matrix of Configurations)

We also introduce the notation ρE to denote the reduced density
matrix of the environment qubits. Formally, if s=([˜q↦|ψ⟩];˜p;P) then ρE(s)=ρ˜r(s) where ˜r=˜q∖˜p. The
definition of ρE is extended to mixed configurations in the same
manner as ρ.

Again let S be the set of configurations.
The probabilistic function μ:S×S→[0,1] is defined in the style of [17]. It allows
non-deterministic transitions to be treated as transitions with
probability 1, which is necessary when calculating the total
probability of reaching a terminal state.
μ(s,t)=π if s\lx@stackrelπ⇝t; μ(s,t)=1 if s=t and
s∈Sn; μ(s,t)=0 otherwise.

Definition 4 (Probabilistic Branching Bisimulation)

An equivalence relation R
on configurations is a probabilistic branching bisimulation on configurations if whenever (s,t)∈R the following conditions are satisfied.

If s∈Sn and s\lx@stackrelτ⟶s′
then ∃t′,t′′ such that t\lx@stackrel⟹t′\lx@stackrelτ⟶+t′′ with (s,t′)∈R and (s′,t′′)∈R.

If s\lx@stackrelc![V,˜q1]⟶s′ where s′=⊞j∈{1…m}pjs′j and V={˜v1,…,˜vm} then ∃t′,t′′ such that t\lx@stackrel⟹t′\lx@stackrelc![V,˜q2]⟶t′′ with

(s,t′)∈R,

t′′=⊞j∈{1…m}pjt′′j,

for each j∈{1,…,m}, ρE(s′j)=ρE(t′′j).

for each j∈{1,…,m}, (s′j,t′′j)∈R.

If s\lx@stackrelc?[˜v]⟶s′ then ∃t′,t′′ such that t\lx@stackrel⟹t′\lx@stackrelc?[˜v]⟶t′′ with (s,t′)∈R and (s′,t′′)∈R.

If s∈Sp then μ(s,D)=μ(t,D) for all classes D∈S/R.

This relation follows the standard definition of branching
bisimulation [10] with additional conditions for
probabilistic configurations and matching quantum information. In
condition II we require that the distinct set of values V must match
and although the qubit names (˜q1 and ˜q2) need not be
identical, their respective reduced density matrices
(ρ˜q1(s) and ρ˜q2(t′)) must.

Condition IV provides the matching on probabilistic configurations
following the approach of [17]. In this relation, a
probabilistic configuration which necessarily evolves from an output
will satisfy IV if the prior configuration satisfies II d). It is
necessary to include the latter condition to ensure that the
probabilities are paired with their respective configurations.

Naturally this leads to the following definition of bisimilarity on
configurations.

Definition 5 (Probabilistic Branching Bisimilarity)

Configurations s and t are probabilistic branching bisimilar, denoted s\leftrightarroweqt, if there exists a probabilistic branching bisimulation R such that (s,t)∈R.

What we really want is equivalence of processes, independently of
configurations (i.e. independently of particular quantum states).

Definition 6 (Probabilistic Branching Bisimilarity of Processes)

Processes P and Q are probabilistic branching bisimilar, denoted P\leftrightarroweqQ, if and only if for all σ, (σ;∅;P)\leftrightarroweq(σ;∅;Q).

For convenience, in the remainder of this paper bisimilarity
will refer to probabilistic branching bisimilarity and it will be
clear from the context whether this is the relation on processes or
configurations. The same symbol, \leftrightarroweq, is used for both relations.

It turns out that probabilistic branching bisimilarity is not a
congruence because it is not preserved by substitution of values for
variables, which is significant because of the use of substitution to
define the semantics of input. We therefore define a stronger
relation, full probabilistic branching bisimilarity, which is
the closure of probabilistic branching bisimilarity under substitutions.

Definition 7 (Full probabilistic branching bisimilarity)

Processes P and Q are full probabilistic branching
bisimilar, denoted P\leftrightarroweqcQ, if for all substitutions κ
and all quantum states
σ, (σ;˜q;Pκ)\leftrightarroweq(σ;˜q;Qκ).

P and Q are probabilistic branching bisimilar, because in any
quantum state they can match each other’s transitions. For input
transitions this is because they can both input a single qubit, and
for output transitions it is trivial because neither process produces
any output. The actions within each process produce τ
transitions, which are absorbed into the input transitions according
to the definition of probabilistic branching bisimulation.

Now consider P and Q in parallel with
R(b:ˆ[Qbit])=b![q].0
in the quantum state
[p,q↦1√2(|00⟩+|11⟩)]. That is,
consider the configurations

([p,q↦1√2(|00⟩+|11⟩)];p,q;P∣R)([p,q↦1√2(|00⟩+|11⟩)];p,q;Q∣R)

The interesting situation is when the measurement in P or Q occurs
before the output in R. Imagine, first, that the semantics of CQP
handles the measurement by producing a probability distribution;
recall that this is not the actual semantics of measurement. In
P∣R the quantum state before the measurement is
1√2(|00⟩+|11⟩) and the state after the
measurement is either |00⟩ or |11⟩ with equal
probability. The qubit output by R has reduced density matrix
(1000) or (0001). In Q∣R the
quantum state before the measurement is
12(|00⟩+|01⟩+|10⟩−|11⟩) and the state after
the measurement is either 1√2(|00⟩+|01⟩) or
1√2(|10⟩−|11⟩) with equal probability. The
qubit output by R has reduced density matrix
12(1111) or 12(1−1−11). It
is therefore impossible for P∣R and Q∣R to match
each other’s outputs.

Actually, of course, the semantics of CQP does not produce a
probability distribution in this case, because the result of the
measurement is not output. Instead, from P∣R we get the
mixed configuration

The calculation of the reduced density matrix of the qubit output by
R, taking into account the contributions of each component of the
mixed configuration, gives (1001) in both cases. This
enables P∣R and Q∣R to match each other’s
outputs, and in fact (although we do not show it here), it is
straightforward to construct a probabilistic branching bisimulation
relation containing (P∣R,Q∣R).

3.4 Correctness of QECC

We now sketch the proof that QECC\leftrightarroweqcIdentity, which by
Theorem 1 implies that the error correction system
works in any context. An interesting consequence is that the qubit
being transmitted may be part of any quantum state, meaning that it is
correctly transmitted with error correction even if it is entangled
with other qubits; the entanglement is also preserved by the error
correction system. This property of error correction, although easily
verified by hand, is not usually stated explicitly in the literature.

Proposition 1

QECC\leftrightarroweqcIdentity.

Proof:
First we prove that QECC\leftrightarroweqIdentity,
by defining an equivalence relation R that contains the pair
((σ;∅;QECC),(σ;∅;Identity))
for all σ and is closed under their transitions.
R is defined by taking its equivalence classes to be the
Si(σ) defined below, for all states σ. The idea is to
group configurations according to the sequences of observable
transitions leading to them. S2 is also
parameterized by the input qubit, as this affects the output qubit
and hence the equivalence class.